Lesser-Known Social Engineering Attacks

16.10.23

Blog, Cyber

Social engineering has evolved far beyond generic phishing emails. Today’s attacks employ highly targeted, stealthy techniques specially crafted to exploit human psychology. In this blog, we’ll delve into some under-the-radar techniques to give you a well-rounded understanding of social engineering to be more prepared.

Pretexting is an attack that relies on fabricating an elaborate backstory to manipulate victims into divulging sensitive information. By posing as a trusted entity like IT support, the attacker spins a convincing tale that allows them to infiltrate your systems and data.

Countermeasures: Defending against pretexting requires ongoing staff education about verifying identities before providing access or sharing critical information. Implement communication security across the board, especially for high-risk data exchange.

Whaling represents one of the most dangerous forms of phishing. These attacks precisely target C-level executives and other VIPs with social engineering schemes tailored to their interests and roles. A whaling campaign is meticulously crafted to look like legitimate emails and is designed to lure the target into revealing credentials or downloading malware.

Countermeasures: The best defence is comprehensive security training for leadership. Teach executives how to spot subtle signs of phishing and implement multi-factor authentication for an additional layer of security.

Dumpster diving involves sifting through your physical waste to uncover discarded sensitive documents, hardware, and more. With the right information, attackers can facilitate identity theft, data breaches, and other cybercrime.

Countermeasures: Always make sure to shred important documents before disposal. Use proper techniques for wiping storage media before disposal. Remove the opportunity for attackers to strike gold in your rubbish.

USB drops take advantage of human curiosity. The attacker plants infected USB drives in areas where victims are likely to find them and plug them in, unleashing malware.

Countermeasures: Stay vigilant for rogue USB devices and resist the urge to connect them. Immediately hand them over to IT for analysis.

This in-person technique involves physically looking over someone’s shoulder to grab information from their screen or keyboard. Shoulder surfing can take place everywhere, from public spaces to office environments.

Countermeasures: Mitigate this threat through device positioning, privacy screens, and situational awareness. Keep an eye out for anyone who seems to take more than a passing interest in your work.

Beyond run-of-the-mill phishing, sophisticated social engineering threats are often overlooked. But with vigilance and training, you can detect these tactics and increase your organisation’s security posture.